Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Mazda Motor Corporation issued a recall September 8 for more
than 759,000 of its model years 2010 – 2016 vehicles in select makes due to a
problem affecting the vehicles’ rear hatches where the hatch lift supports can
corrode and break, thereby increasing the risk of injury. – TheCarConnection.com

2. September
8, TheCarConnection.com – (International) Mazda recalls 2010-2013
Mazda3, 2012-2015 Mazda5, 2013-2016 CX-5, 2016 CX-3: 2.2 million affected. Mazda
Motor Corporation issued a recall September 8 for more than 759,000 of its
model years 2010 – 2016 vehicles in select makes sold in the U.S. and Canada
due to a problem affecting the vehicles’ rear hatches where the protective
coating applied to the hatch lift supports does not protect the supports from
water intrusion, which can lead to corrosion and cause the supports to break,
thereby increasing the risk of injury. Source:

• Four people were arrested in Brooklyn, New York, September 7
after authorities discovered 2,433 blank credit cards and other illicit
materials while executing a search warrant at the group’s apartment. – WNBC
4 New York See item 3 below in
the Financial Services Sector

• Missouri officials lifted a precautionary boil water advisory
for approximately 85,000 customers in St. Louis County September 7 that was
issued after the company’s water treatment plant temporarily lost power. – St.
Louis Post-Dispatch

• Florida officials announced September 6 that the Albert Whitted
plant in St. Petersburg released nearly 20 million gallons of partially treated
sewage September 5 due to heavy rains from Hurricane Hermine. – WTSP 10 St.
Petersburg

13. September
6, WTSP 10 St. Petersburg – (Florida) Hermine overwhelmed sewer
facilities around Bay area. The Florida Department of Environmental
Protection announced September 6 that the Albert Whitted plant in St.Petersburg
released nearly 20 million gallons of partially treated sewage September 5 and
2,000 gallon of raw sewage August 31 due to heavy rains from Hurricane Hermine.
Officials also announced that millions of gallons of sewage mixed with storm
water spilled near the Marshall Street wastewater treatment plant in
Clearwater, Florida, August 31 after the plant received more than 20 million
gallons of wastewater per day during the storm. Source: http://www.wtsp.com/news/hermine-overwhelmed-sewer-facilities-around-bay-area/314610723

4. September
7, SecurityWeek – (International) Gugi banking trojan can bypass Android 6
protection. Kaspersky security researchers discovered a variant of the Gugi
mobile banking trojan can bypass two security features in Google’s Android 6.0,
including the permission-based app overlays and the dynamic permission
requirement for dangerous in-app activities like calls or short message service
(SMS) in order to overlay applications and steal mobile banking credentials
from its victims, and found the trojan is being distributed via SMS spam that
tricks victims into accessing phishing Websites, which downloads the malware
onto the device. Researchers advised users to reboot the infected device in
safe mood and attempt to uninstall the trojan. Source: http://www.securityweek.com/gugi-banking-trojan-can-bypass-android-6-protection

Information Technology Sector

22. September
8, Softpedia – (International) WordPress 4.6.1 security update is out, time
to update peeps. WordPress released version 4.6.1 of its WordPress Content
Management System (CMS) resolving a path traversal vulnerability and a
cross-site scripting (XSS) flaw affecting the admin panel that can be exploited
via image metadata and allow a malicious actor to take over the affected
Website. The update also patches 15 other bugs related to the underlying CMS
codebase.

23. September
8, Help Net Security – (International) Flaws in Network Management Systems open
enterprise networks to attacks. Rapid7 researchers and an independent
researcher discovered over 12 vulnerabilities plaguing 9 different Network
Management Systems (NMSs) products that could be exploited via cross-site
scripting (XSS) attacks over Simple Network Management Protocol (SNMP)
agent-provided data, which could allow a local attacker to add a malicious
device to the network, XSS attacks over SNMP trap alert messages, and format
string processing on the NMS Web management console that can be carried out via
specially crafted trap alert messages. Researchers reported that all the flaws
have received patches. Source: https://www.helpnetsecurity.com/2016/09/08/flaws-network-management-systems/

24. September
7, SecurityWeek – (International) Google patches QuadRooter, other critical
Android vulnerabilities. Google released its September 2016 Android
Security Bulletin resolving 55 vulnerabilities, including 2 critical remote
code execution (RCE) flaws in LibUtils and Mediaserver, a high risk RCE in
MediaMuxer, and 2 issues in QuadRooter that impacted over 900 million Android
devices using Qualcomm chipsets, among other vulnerabilities. Source: http://www.securityweek.com/google-patches-quadrooter-other-critical-android-vulnerabilities

25. September
7, SecurityWeek – (International) Siemens fixes several flaws in SIPROTEC
products. Siemens released firmware updates addressing vulnerabilities in its
SIPROTEC 4 and SIPROTEC Compact devices after Kaspersky Lab researchers found
the devices were plagued with a flaw that an attacker with network access could
exploit to bypass authentication mechanisms and carry out administrative
operations, and a flaw that could allow an attacker with network access to
perform those actions while a legitimate user is logged in to the Web
interface. Siemens advised customers to use network segmentation, virtual
private networks (VPNs), and firewalls to protect their systems against
attacks. Source: http://www.securityweek.com/siemens-fixes-several-flaws-siprotec-products

For another story, see item 4 above in the Financial Services Sector

Communications Sector

See item 4 above
in the Financial Services Sector
and item 24 above in the Information Technology Sector

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"